IRS forced to raise its shields in bot attack

Identity thieves used an automated bot in an attempt to generate phony login information to breach the Internal Revenue Service, the agency said. Using Social Security numbers stolen from elsewhere, the thieves used malware to try to create e-file PINs, used by some taxpayers to file their returns. No personal taxpayer information was exposed during the attempt, according to the agency, and the hack has been halted. An internal investigation identified unauthorized attempts involving around 464,000 Social Security numbers, 101,000 of which were used to successfully access an e-file PIN in December. Source: The Hill

There’s no Justice in this con game

The Justice Department is investigating how someone was able to sneak into one of the agency’s computer systems and take thousands of federal workers’ names, phone numbers, and email addresses and make them public. The computer breach appears to have occurred in the Justice Department’s Civil Division, where hackers apparently were able to trick an employee into providing enough information to enter the nonclassified computer network for that part of the department, according to officials familiar with the matter. A Twitter account posted a link to a list of contact information for roughly 9,000 employees of the Department of Homeland Security and a link to a list of an estimated 20,000 FBI employees. The lists amount to sections of the agencies’ phone book—with name, job title, phone number, and email listed for the individuals. Source: MarketWatch

French tell Facebook non, non, non

The Commission Nationale de l’Informatique et des Libertés, France’s data-protection authority, has ordered Facebook to stop tracking Web activity by nonusers without their consent, and to stop some transfers of personal data to the United States, within the next three months. The CNIL issued its order as a result of the invalidation of the Safe Harbor agreement between the U.S. and the European Commission. The three-month deadline for companies to establish alternative legal arrangements for the transferring of data recently expired. Facebook maintained that it complies with data-protection laws in the EU. Source: AdWeek

A tough lesson for students to learn

Two former University of Central Florida students have filed a lawsuit alleging the school put them at an increased risk for identity theft and failed to notify them of the data breach in a timely manner. The lawsuit comes in response to UCF’s announcement that a hacker gained access to 63,000 Social Security numbers belonging to former and current students and workers. The lawsuit moves to request documentation of any other possible breaches and cyber training practices, security policies, budgets and other information over the past five years. UCF officials said they mailed letters to potential victims and are offering them one year of free credit monitoring and identity protection services. … Four University of California Berkeley students and alumni have sued Google, alleging that UC Berkeley emails were the target of data mining from 2012 to 2014. The plaintiffs allege Google scanned emails, violating the Electronic Communications Privacy Act, a federal statute that protects electronic communications while in transit and in storage. Google has not released any information verifying whether the emails were scanned, although attorney Ray Gallo, who is filing the lawsuit on behalf of UC Berkeley students and alumni, and the plaintiffs believe that a 2014 post by Google acknowledging that Apps for Education emails had been scanned proves it. Google representative William Fitzgerald said the company does not comment on pending litigation. Sources: WESH, Orlando; The Daily Californian

A target on their backs—bank on it

Banks will continue to be a constant target for cyber criminals in 2016, according to new research. The ThreatMetrix Cybercrime Report for Q4 2015 found there has been a 40 percent increase in cybercriminal activity against banks in the past 12 months, which includes more than 100 million attempts at fraud during this period: 21 million of these attempts came in 90 days from October to December. The same 90-day period saw a record of 45 million bot attacks against banks, a tenfold increase compared with the previous quarter. The report warns that even if one attack was successful, a major bank could be paralyzed for days, potentially leading to billions in lost business. Source: ZDNet

Threats from the East continue to loom

China is continuing to conduct cyber espionage operations against the United States, and Beijing’s commitment to a U.S.-China cyber agreement is questionable, the director of national intelligence told Congress. “China continues cyber espionage against the United States,” James Clapper, the director, testified during an annual threat briefing to the Senate Armed Services Committee. Clapper identified potential cyber attacks against critical infrastructure and advancing cyber warfare capabilities in nations such as China, Russia, North Korea and Iran as among the most serious U.S. national security threats. “China continues to have success in cyber espionage against the U.S. government, our allies, and U.S. companies,” Clapper said. Source: The Washington Free Beacon

Cybersecurity takes its place in the nation’s budget

The White House unveiled a 2017 budget proposal that requests boosting cybersecurity funding by 35 percent to $19 billion and announced new efforts to defend federal networks on the heels of a data breach that exposed thousands of government employees. The Obama administration’s Cybersecurity National Action Plan aims to modernize government networks, hire skilled personnel to maintain them, coordinate with companies on privacy and security, and empower Americans to adopt better online habits that will protect personal data, according to White House officials. Source: U.S. News

Getting everyone under the umbrella

The Senate passed a privacy bill that is considered integral to a pending trans-Atlantic data transfer pact with the European Union. The Judicial Redress Act, which gives EU citizens the right to challenge misuse of their personal data in U.S. courts, also is a prerequisite of a law enforcement data-sharing “umbrella” agreement reached last fall. The bill has long been a stated requirement of the agreement, which would allow the U.S. and EU to exchange more data during criminal and terrorism investigations. Its role in the final approval of the Privacy Shield is murkier. The deal replaces a 2000 agreement that permitted some 4,400 U.S. firms to legally handle European citizens’ data, struck down by the EU high court in October over privacy concerns. Source: The Hill

Patch me up

Microsoft has released its second batch of security updates for this year, addressing a total of 36 flaws in Internet Explorer, Edge, Office, Windows and .NET Framework. The patches are covered in 12 security bulletins, five of which are rated critical. There also is a 13th bulletin, also critical, for Flash Player. Although it’s maintained by Adobe, Flash Player is included with Internet Explorer 11 and Edge, so Microsoft is distributing Adobe’s patches through Windows Update. Researchers from security vendor Qualys believe that MS16-022, the Flash Player bulletin, should be at the top of users’ priority list because it contains fixes for 22 critical vulnerabilities that could give attackers complete control over computers. Flash Player is a frequent target for attackers and can be exploited by simply visiting a malicious or compromised website. Source: CIO
